BioSec: DNMar23
Possible Security problems
- misuse of data
- input validation
- phishing
- banking
- want credentials
- using email
- send an email that looks like it comes from the bank
- link goes to malicious site that looks arbitrarily like the bank (unpack)
- user types in credentials, potentially gets transparently redirected to real bank site
Problems arise from:
- illegitimate email
- link to site that looks like the bank but isn't the bank
- credentials being entered in wrong domain, wrong page
- misappropriated text, images in email, site images
- bad/missing/suspect certificate
- certificate/credential combination is suspect
Human algorithm:
- is the domain the same for the one where credentials are normally sent?
- not normally in response to email request
- certificate is the same
Think of individual detectors as autonomous:
- how would they be useful?
- how would they work? to detect?
- how should they change system state in the normal case?
List of individual detectors
image filename check
context / semantic word descriptions --> semantic integrity - verifying message / content integrity based on the content itself - even if it is digitally signed.
spellcheck
domain / ip address check
certificate check - issuer name, domain name, client name, date of issue, date of expiry